
In order to create a new encrypted filing system managed by cryptmount,
you can use the supplied 'cryptmount-setup' program, which can be used
by the superuser to interactively configure a basic setup.
Alternatively, suppose that we wish to set up a new encrypted filing
system, that will have a target-name of "opaque". If we have a free
disk partition available, say /dev/hdb63, then we can use this directly
to store the encrypted filing system. Alternatively, if we want to
store the encrypted filing system within an ordinary file, we need to
create space using a recipe such as:
    $ dd if=/dev/zero of=/home/opaque.fs bs=1M count=512
and then replace all occurrences of '/dev/hdb63' in the following with
'/home/opaque.fs'. (/dev/urandom can be used in place of /dev/zero,
debatably for extra security, but is rather slower.)
First, we need to add an entry in /etc/cryptmount/cmtab, which
describes the encryption that will be used to protect the filesystem
itself and the access key, as follows:
    opaque {
        dev=/dev/hdb63 dir=/home/crypt
        fstype=ext2 mountoptions=defaults cipher=twofish
        keyfile=/etc/cryptmount/opaque.key
        keyformat=builtin
    }
Here, we will be using the "twofish" algorithm to encrypt the filing
system itself, with the built-in key-manager being used to protect the
decryption key (to be stored in /etc/cryptmount/opaque.key).
In order to generate a secret decryption key (in
/etc/cryptmount/opaque.key) that will be used to encrypt the filing
system itself, we can execute, as root:
    $ cryptmount --generate-key 32 opaque
This will generate a 32-byte (256-bit) key, which is known to be
supported by the Twofish cipher algorithm, and store it in encrypted
form after asking the system administrator for a password.
If we now execute, as root:
    $ cryptmount --prepare opaque
we will then be asked for the password that we used when setting up
/etc/cryptmount/opaque.key, which will enable cryptmount to set up a
device-mapper target (/dev/mapper/opaque). (If you receive an error
message of the form "device-mapper ioctl cmd 9 failed: Invalid
argument", this may mean that you have chosen a key-size that isn't
supported by your chosen cipher algorithm. You can get some information
about suitable key-sizes by checking the output from
"more /proc/crypto", and looking at the "min keysize" and
"max keysize" fields.)
We can now use standard tools to create the actual filing system on
/dev/mapper/opaque:
    $ mke2fs /dev/mapper/opaque
(It may be advisable, after the filesystem is first mounted, to check
that the permissions of the top-level directory created by mke2fs are
appropriate for your needs.)
After executing
    $ cryptmount --release opaque
    $ mkdir /home/crypt
the encrypted filing system is ready for use. Ordinary users can mount
it by typing
    $ cryptmount -m opaque
or
    $ cryptmount opaque
and unmount it using
    $ cryptmount -u opaque
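
The key-size caveat above can be checked before running --generate-key. The following is an added example, not part of the original text or of cryptmount: a hypothetical helper, keysize_supported, reads the "min keysize" and "max keysize" fields (values in bytes) from text in /proc/crypto layout, and is run here on a constructed sample.

```shell
#!/bin/sh
# Added example: pre-flight check for the size given to --generate-key.

# Constructed sample in /proc/crypto layout (not captured from a real host).
sample_proc_crypto() {
cat <<'EOF'
name         : twofish
driver       : twofish-generic
module       : twofish_generic
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : des3_ede
driver       : des3_ede-generic
module       : des_generic
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : sha256
driver       : sha256-generic
type         : shash
digestsize   : 32
EOF
}

# keysize_supported CIPHER BYTES [FILE]   (hypothetical helper name)
# Exit 0: BYTES lies within min/max keysize of an entry named CIPHER.
# Exit 1: CIPHER is listed, but BYTES is out of range.
# Exit 2: no keyed entry named CIPHER (its module may not be loaded yet).
keysize_supported() {
    awk -F' *: *' -v want="$1" -v bytes="$2" '
        function commit() {          # evaluate the entry just finished
            if (name == want && min != "") {
                seen = 1
                if (bytes + 0 >= min + 0 && bytes + 0 <= max + 0) ok = 1
            }
            name = ""; min = ""; max = ""
        }
        $1 == "name"        { commit(); name = $2 }
        $1 == "min keysize" { min = $2 }
        $1 == "max keysize" { max = $2 }
        END { commit(); exit (ok ? 0 : (seen ? 1 : 2)) }
    ' "${3:-/proc/crypto}"
}

# Demo on the constructed sample: 32 bytes is what the walkthrough uses.
sample_proc_crypto | keysize_supported twofish 32 - && echo "twofish: 32 bytes ok"
```

With no third argument the helper reads the live /proc/crypto, which lists only algorithms the running kernel has registered.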

Files saved on a Windows machine use different ASCII characters for line endings. When viewing such files in vi they will most often have a ^M (control-V, M) character at the end of each line. This command will remove all occurrences of that character.